Access Manager provides token-based authorization allowing granular read and write access control at the user/device, channel, or key level.
As soon as Access Manager is enabled, no pub/sub operations can be done without first explicitly providing an authorization token (auth token) to the PubNub object. If an invalid token is provided, the requesting client will receive a 403 Forbidden Error.
PubNub recognizes any entity with the secret_key for the given API key set as a security authority; a recognized security authority is able to grant or revoke permissions on any token, as well as configure TTLs (time to live) for tokens to expire. A client should never be in possession of the secret_key.
Tokens can be any string of your choosing, allowing simple integration with any existing authentication system, including OAuth (e.g. Facebook, Google, GitHub, etc.), LDAP, or other homegrown solutions.
For further learning, please see: